CDR: Re: why should it be trusted?

Kerry L. Bonin kerry at vscape.com
Tue Oct 17 00:27:19 PDT 2000


At 09:27 PM 10/16/00 -0700, Tim May wrote:
>At 8:50 PM -0700 10/16/00, Nathan Saper wrote:
[snip]
>Recall that your precise words were:
>
>"IMHO, the NSA has enough expertise and technology to crack just about
>any cipher out there."
>
>This is a claim about _ciphers_, a claim often made by the clueless. 
>("Any cipher can be broken...," "The NSA has more than enough 
>computer power...," are the most common variants.)

And yet ciphers are a significant target of the NSA.  Sure, they devote
significant resources to exploiting weaknesses in key management, but
ciphers are a primary target.

Many people who discuss the capabilities of the NSA do not use proper
methodology in extrapolating their technical capabilities.  General purpose
computers and supercomputers are not well suited to attacking ciphers -
custom silicon is the best means.

Extrapolate capabilities from the EFF DES crack project and you are
somewhat closer (1536 ASIC w/ 24 cores/ASIC yielded 4.52 days/crack of 56
bit keyspace), then take into consideration the advantages of using more
sophisticated semiconductor processes (ECL 15 years ago, GaAs on Sapphire
today) and the higher clock rates that go with that (40MHz to well > 1GHz),
and rerun your numbers.  Instead of a small cabinet, fill floors of
buildings with these machines, and you have realtime cracking farms.

It should be noted that increasing the keyspace isn't a magic protection
implying the heat entropy of the universe prevents a crack - the NSA has
been playing with Feistel networks since before most cryptographers even
knew about DA, not to mention the possibilities of many other unknown
weaknesses in Feistel networks being known to the NSA.

As for my own comments, I wrote layout and design tools used on these NSA
custom chips in the mid 80's, certified for use with the "NSA Standard Cell
Library" by their chip designers (they were just one of the customers of
the CAD/CAM/CAE software I worked on back then...)

I don't think it's unreasonable to extrapolate that a sufficiently high
priority message can be cracked by the NSA in near realtime, regardless of
the cipher strength used, without significant knowledge of the nature of
the plaintext.  I'd imagine most attacks focus on key management, but
anyone serious about the game will have obscene numbers of gates chewing on
ciphertext.

Kerry L. Bonin (speaking for self, insert lawyer joke here...)
Sr. Engineer, Security/Cryptography, Cisco Systems.
VScape lead architect - Adaptive secure clustering for multiuser VR.
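The extrapolation described in the post (start from the EFF DES cracker's published figures, then scale by chip count and clock rate) carried through in code, as an added example that is not part of the original message. The only figures taken from the thread are 1536 ASICs, 24 cores per ASIC, 4.52 days per 56-bit crack and the 40 MHz-to-1 GHz clock range; everything else is an assumption: that 4.52 days is the expected time (half the keyspace searched on average), that per-core throughput scales linearly with clock rate, that the hypothetical scaled farm has one million chips, and that the `CrackerFarm` and `min_key_bits` names are the example's own. It also goes one step beyond the post by showing how the same estimate grows with key length, which is the number a defender sizing key lengths against such a machine actually needs.

```python
"""Brute-force capacity extrapolation from published DES-cracker figures.

Constructed example. Derives a per-core key-test rate from the EFF numbers
quoted in the thread, scales it by chip count and clock rate as the post
describes, and reports expected crack times for several key lengths.
"""
import math
from dataclasses import dataclass

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY

# Figures quoted in the post.
EFF_CHIPS = 1536
EFF_CORES_PER_CHIP = 24
EFF_EXPECTED_DAYS_56 = 4.52
EFF_CLOCK_HZ = 40e6   # the post gives 40 MHz as the older-process clock rate


def keys_per_second_per_core(chips, cores_per_chip, expected_days, key_bits=56):
    """Back out the per-core test rate from an observed expected crack time.

    Assumption: the expected time corresponds to searching half the
    keyspace (the average position of a uniformly random key).
    """
    keys_searched = 2 ** (key_bits - 1)
    total_rate = keys_searched / (expected_days * SECONDS_PER_DAY)
    return total_rate / (chips * cores_per_chip)


@dataclass
class CrackerFarm:
    """A key-search machine described by its silicon and clock."""
    chips: int
    cores_per_chip: int
    clock_hz: float
    base_rate_per_core: float   # keys/s per core measured at base_clock_hz
    base_clock_hz: float

    def keys_per_second(self):
        # Assumption: throughput per core scales linearly with clock rate.
        per_core = self.base_rate_per_core * (self.clock_hz / self.base_clock_hz)
        return per_core * self.chips * self.cores_per_chip

    def expected_seconds(self, key_bits):
        """Expected time to find one key: half the keyspace at full rate."""
        return 2 ** (key_bits - 1) / self.keys_per_second()


EFF_RATE_PER_CORE = keys_per_second_per_core(
    EFF_CHIPS, EFF_CORES_PER_CHIP, EFF_EXPECTED_DAYS_56)


def eff_farm():
    """The EFF machine as quoted in the post (round-trips to 4.52 days)."""
    return CrackerFarm(EFF_CHIPS, EFF_CORES_PER_CHIP, EFF_CLOCK_HZ,
                       EFF_RATE_PER_CORE, EFF_CLOCK_HZ)


def scaled_farm(chips=1_000_000, clock_hz=1e9):
    """Hypothetical 'floors of buildings' farm: more chips, faster process.
    The chip count and 1 GHz clock are constructed values, not from the post."""
    return CrackerFarm(chips, EFF_CORES_PER_CHIP, clock_hz,
                       EFF_RATE_PER_CORE, EFF_CLOCK_HZ)


def min_key_bits(farm, target_seconds):
    """Smallest key length whose expected brute-force time on `farm`
    is at least `target_seconds`."""
    bits = math.ceil(math.log2(target_seconds * farm.keys_per_second())) + 1
    # Correct for floating-point rounding in the logarithm.
    while farm.expected_seconds(bits) < target_seconds:
        bits += 1
    while bits > 1 and farm.expected_seconds(bits - 1) >= target_seconds:
        bits -= 1
    return bits


def _human(seconds):
    if seconds < 3600:
        return f"{seconds:,.1f} s"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / SECONDS_PER_DAY:,.2f} days"
    return f"{seconds / SECONDS_PER_YEAR:,.3g} years"


if __name__ == "__main__":
    for name, farm in (("EFF Deep Crack (quoted)", eff_farm()),
                       ("scaled farm (hypothetical)", scaled_farm())):
        print(f"{name}: {farm.keys_per_second():.3g} keys/s")
        for bits in (56, 64, 80, 128):
            print(f"  {bits:3d}-bit key: {_human(farm.expected_seconds(bits))}")
    century = 100 * SECONDS_PER_YEAR
    print("key length for a 100-year expected search on the scaled farm:",
          min_key_bits(scaled_farm(), century), "bits")
```

Running it shows the two halves of the post's argument side by side: the scaled farm brings a 56-bit expected search down from days to seconds, while each extra key bit doubles the time, so the 128-bit column is astronomically large under this brute-force model. That is exactly why the post's last paragraph turns from keyspace to cipher weaknesses and key management: a farm this size moves the goalposts by a fixed factor, not by an exponent.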